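def test_open_and_close_db(app):
    '''
    Check that get_conn() hands back one shared connection inside an
    application context and that the connection rejects statements once
    the context has been left.
    '''
    with app.app_context():
        conn_db = get_conn()
        # A second call inside the same context must return the same object.
        assert conn_db is get_conn()

    # The statement is issued after the context has exited; the test expects
    # the driver to refuse it.
    with raises(ProgrammingError) as prog_err:
        conn_db.execute('SELECT * FROM user')

    # Inspect the raised exception itself. The string form of the
    # ExceptionInfo wrapper is a test-framework detail and has changed
    # between releases (assumes `raises` is pytest.raises).
    assert 'closed' in str(prog_err.value)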
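def app():
    '''
    Yield an application configured for testing against a throw-away
    database file, then remove that file.

    The temporary file is cleaned up even when building the application or
    loading the schema fails, so failed set-up does not leave database files
    behind in the temp directory.
    '''
    # mkstemp() returns an open OS-level file descriptor plus the path.
    db_fd, db_path = mkstemp()
    try:
        flask_app = create_app({'TESTING': True, 'DATABASE': db_path})

        with flask_app.app_context():
            init_database()
            # HDL_SQL is defined elsewhere in the file; presumably seed data
            # for the tests -- TODO confirm.
            get_conn().executescript(HDL_SQL)

        yield flask_app
    finally:
        # Runs on normal teardown and on any set-up error.
        close(db_fd)
        unlink(db_path)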
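def register():
    '''
    Render the registration form and, on POST, create a new user.

    Form fields read: 'alias' (optional), 'email', 'passwd'. A missing
    'email' or 'passwd' field raises Flask's bad-request error. When the
    alias is absent or empty it is derived from the part of the e-mail
    before '@'. On success the user is redirected to the login page; on a
    validation error the message is flashed and the form is rendered again.
    '''
    if request.method == 'POST':
        # The alias is optional, so a missing field must not abort the
        # request; the fallback below handles None and ''.
        alias = request.form.get('alias')
        email = request.form['email']
        passwd = request.form['passwd']
        conn_db = get_conn()
        error = None

        if not email:
            error = 'E-mail is required!'
        elif not passwd:
            error = 'Password is required!'
        elif conn_db.execute('SELECT * FROM user WHERE email = ?',
                             (email, )).fetchone() is not None:
            # NOTE(review): this message tells the requester that the address
            # is already registered. If account enumeration matters for this
            # deployment, use a neutral message here.
            # The address is echoed into the flashed text; this relies on the
            # template escaping it -- confirm autoescaping is on.
            error = 'An User with e-mail ' + email + ' already exists!'

        if not alias:
            # partition() keeps the whole value when there is no '@'; the
            # previous find()-based slice silently dropped the last character
            # in that case.
            alias = email.partition('@')[0]

        if error is None:
            # TODO: use this -> http://flask-bcrypt.readthedocs.io/en/latest/
            # NOTE(review): no length or strength check is applied to the
            # password before it is hashed.
            # NOTE(review): the existence check above and this INSERT are not
            # atomic; two concurrent requests with the same e-mail can both
            # reach this point. Whether the schema has a UNIQUE constraint on
            # email is not visible here -- verify.
            conn_db.execute(
                'INSERT INTO user (alias, email, passwd) VALUES (?, ?, ?)',
                (alias, email, generate_password_hash(passwd)))
            conn_db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')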
def load_logged_in_user():
    '''
    Populate g.user from the 'user_id' stored in the session.

    g.user is None when the session carries no user id, and also when the
    id no longer matches a row (fetchone() returns None in that case).
    '''
    # NOTE(review): login() also stores a 'logged_in' timestamp in the
    # session, but it is not consulted here, so no session age limit is
    # enforced by this function.
    current_id = session.get('user_id')
    g.user = (
        None
        if current_id is None
        else get_conn().execute('SELECT * FROM user WHERE id = ?',
                                (current_id, )).fetchone()
    )
def index():
    '''
    Defines the main route of app.

    Loads every post joined with its author, newest first, and renders the
    blog index template with the rows as `posts`.
    '''
    # NOTE(review): each row carries the author's e-mail (u.email). Whether
    # the template prints it is not visible here -- confirm it is not shown
    # to anonymous visitors.
    query = (
        'SELECT p.id, p.author_id, p.title, p.body, p.created, u.alias, u.email'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' ORDER BY created DESC'
    )
    all_posts = get_conn().execute(query).fetchall()
    return render_template('blog/index.html', posts=all_posts)
def test_register(client, app):
    '''
    Check that the registration form renders, that a valid POST redirects
    to the login page, and that the new user row exists afterwards.
    '''
    form_page = client.get('/auth/register')
    assert form_page.status_code == 200

    response = client.post(
        '/auth/register',
        data={'alias':'Outro', 'email':'*****@*****.**', 'passwd':'12345'}
    )
    # The test expects an absolute redirect URL on the test host.
    assert response.headers['Location'] == 'http://localhost/auth/login'

    with app.app_context():
        stored_row = get_conn().execute(
            "SELECT * FROM user WHERE email = '*****@*****.**'"
        ).fetchone()
        assert stored_row is not None
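def get_post(post_id, check_author=True):
    '''
    Fetch one post joined with its author, enforcing ownership by default.

    post_id: id of the post to load.
    check_author: when true, the current user (g.user) must be the author.

    Returns the row for the post. Aborts with 404 when no such post exists
    and with 403 when the ownership check fails.
    '''
    post = get_conn().execute(
        'SELECT p.id, p.author_id, p.title, p.body, p.created, u.alias, u.email'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id = ?', (post_id, )).fetchone()

    if post is None:
        abort(404, 'Post id-{id} doesn\'t exists'.format(id=post_id))

    # Fail closed: a request without a loaded user is never the author.
    # Previously g.user being None raised TypeError here and surfaced as a
    # server error instead of an authorization failure.
    # NOTE(review): the 404 is decided before the 403, so a non-author can
    # tell existing post ids from missing ones.
    if check_author and (g.user is None or g.user['id'] != post['author_id']):
        abort(403, 'Whoa! You cannot access this!')

    return post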
def update(post_id):
    '''
    Render the edit form for a post and, on POST, save the new title/body.

    get_post() is called with its default ownership check, so it aborts
    before anything is written when the post is missing or belongs to
    someone else.
    '''
    post = get_post(post_id)

    if request.method == 'POST':
        new_title = request.form['post_title']
        new_body = request.form['post_text']

        # NOTE(review): create() rejects bodies shorter than 5 characters,
        # but no such rule is applied here, so an edit can shorten or empty
        # the body. Confirm whether that is intended.
        if new_title:
            db = get_conn()
            db.execute('UPDATE post SET title = ?, body = ? WHERE id = ?',
                       (new_title, new_body, post_id))
            db.commit()
            return redirect(url_for('blog.index'))

        flash('Title is required.')

    return render_template('blog/update.html', post=post), 200
def create():
    '''
    Render the new-post form and, on POST, insert the post for the current
    user (g.user) and redirect to the blog index.

    Validation: the title must be non-empty and the body must have at least
    five characters; otherwise the message is flashed and the form is shown
    again.
    '''
    if request.method == 'POST':
        new_title = request.form['post_title']
        new_body = request.form['post_text']

        problem = None
        if not new_title:
            problem = 'Title is required.'
        elif len(new_body) < 5:
            problem = 'Body must have at least 5 caracters.'

        if problem is not None:
            flash(problem)
        else:
            # NOTE(review): g.user is indexed without a None check; this
            # relies on the route being restricted to logged-in users, which
            # is not visible here -- verify.
            db = get_conn()
            db.execute(
                'INSERT INTO post (author_id, title, body)'
                ' VALUES (?, ?, ?)',
                (g.user['id'], new_title, new_body))
            db.commit()
            return redirect(url_for('blog.index'))

    # NOTE(review): 201 is sent with the form itself (plain GET and failed
    # validation), while the path that actually creates a post redirects.
    return render_template('blog/create.html'), 201
def login():
    '''
    Render the login form and, on POST, authenticate by e-mail and password.

    On success the session is cleared, then 'user_id' and a 'logged_in'
    timestamp are stored and the user is redirected to the index. On failure
    one generic message is flashed whether the e-mail or the password was
    wrong.
    '''
    if request.method == 'POST':
        email = request.form['email']
        passwd = request.form['passwd']
        account = get_conn().execute('SELECT * FROM user WHERE email = ?',
                                     (email, )).fetchone()

        # NOTE(review): the hash comparison only runs for known e-mails, so
        # response time may still differ between unknown and known accounts
        # even though the message is identical.
        if account is not None and check_password_hash(account['passwd'], passwd):
            # Drop whatever the pre-login session held before binding it to
            # the authenticated user.
            session.clear()
            session['user_id'] = account['id']
            session['logged_in'] = time()
            return redirect(url_for('index'))

        flash('Incorrect user or password.')

    return render_template('auth/login.html')
def delete(post_id):
    '''
    Delete a post and redirect to the blog index.

    get_post() is called only for its checks: with the default ownership
    check it aborts when the post is missing or is not the current user's.
    '''
    # NOTE(review): the route's allowed HTTP methods are not visible here;
    # confirm this state-changing view is not reachable via GET.
    get_post(post_id)

    db = get_conn()
    db.execute('DELETE FROM post WHERE id = ?', (post_id, ))
    db.commit()

    return redirect(url_for('blog.index'))